Is Harvest Finance Safe & Legit? — Yes, It is!

Dr NoSeller
5 min read · May 10, 2021

Is Harvest Finance legit and secure? The short answer is Yes, it is safe and secure.

This is a question I see people asking all of the time on the web, Reddit, Telegram, Discord, forums… you name it.

And you know what? It’s a valid question.

In fact, if you’re not asking yourself the same question before depositing your hard-earned money into a DeFi protocol, you’re not doing it right. The preservation of your capital is even more important than high yields and gains.

So you better be asking this question and if you don’t like the answer, then walk away. It’s as simple as that.

Now, in this article, I will answer this question for you. I will explain in detail my research and confirm to you that Harvest Finance is in fact safe to use and is a legitimate DeFi protocol for automated cryptocurrency yield farming.

4 Solid Security Audits of Harvest Finance

The smart contracts powering Harvest Finance have been designed from the ground up with a strong emphasis on security.

Not only did Harvest’s developers put a lot of effort into vigorously testing the smart contracts themselves, they got their smart contracts audited by not 1 but 4 independent industry-leading smart contract security auditing and development firms.

Let’s take a look:

1. Haechi Labs Audit

In early September 2020, shortly after Harvest Finance launched, HAECHI AUDIT completed an initial security review on ‘Harvest.Finance’ which could not identify any serious bugs in the smart contracts.

By the end of the month, the firm released a full smart contract audit report which found 6 issues (0 critical, 1 major, 5 minor). All issues have since been resolved by Harvest developers.

Haechi Audit is a trusted smart contract security audit and development firm that has previously performed audits for entities like Samsung, LG, and the Ethereum Foundation. In other words, their audits are professional and trusted by industry leaders.

2. PeckShield Audit

Also in September 2020, PeckShield, a leading blockchain security company, conducted an initial security review which found no serious business logic issues in Harvest Finance’s smart contracts.

Then, just 1 month later they released a full smart contract audit report of Harvest Finance and found 6 potential issues with the severities labeled as (0 Critical, 1 High, 2 Medium, 3 Low). The issues PeckShield found were the same as the ones Haechi Labs found and have since been resolved by Harvest developers.

PeckShield is a global leader in blockchain security and has conducted security audits for a variety of cryptocurrencies and crypto-related companies such as exchanges. Some of PeckShield's most notable clients include Aave, Ren, MakerDAO, NEO, Huobi, KuCoin, Bithumb… the list goes on.

3. CertiK Audit

A later Harvest Finance security report was delivered in November 2020 and was conducted by CertiK, a leading blockchain security company that offers a wide array of security products and services.

The Harvest Finance security assessment report by CertiK found a total of 1 issue (0 Critical, 0 Major, 1 Minor), and this minor vulnerability was clarified by Harvest developers to be desired functionality and should not result in an exploitable attack vector. The audit did however find numerous sections where the codebase could be improved optimization-wise.

CertiK is a widely used blockchain security company that provides auditing services and more to deliver provable trust across all facets of blockchain. Some of CertiK's clients include Aave, PancakeSwap, 1Inch, Band Protocol, Terra, and many more.

4. Process Quality Audit

On January 21, 2021, DeFi Safety delivered a Harvest Finance Process Quality Audit that was performed by ShinkaRex of Caliburn Consulting. The final score of the audit is 67%, which doesn’t sound great at first, but actually, it’s quite impressive.

The scoring index is as follows:

  • Code & Team — 66%
  • Documentation — 24%
  • Testing — 59%
  • Audits — 100%

The reason Harvest Finance received the score it did, and not higher, is that their team is anonymous and their software documentation is poor, which took a lot of points off. However, the code is good and Harvest is deemed to be safe and secure.

DeFi Safety has conducted over 100 audits on a wide variety of DeFi protocols and many notable projects you probably know of received lower scores than Harvest Finance.

Therefore, Harvest’s score of 67% doesn’t look so bad; it’s actually good.

DeFi Safety PQ Audit scores:

  • Yearn Finance V1 — 66%
  • SushiSwap — 57%
  • PancakeSwap — 42%
  • Badger DAO — 65%
  • 1inch — 31%
  • Crypto.com — 28%
  • Saffron Finance — 31%

5. LeastAuthority Audit

The most recent Harvest Finance security audit was delivered in February 2021 and was conducted by LeastAuthority, another leading security firm.

Harvest commissioned this security review and full audit in light of the rise of flash loan attacks on several notable projects in the DeFi ecosystem; it is part of Harvest’s commitment to its security strategy.

LeastAuthority’s security audit and review found three issues: 1) Flashloan Attack, 2) Sandwich Attack, and 3) Price Checkpoint DoS. They also provided 4 suggestions for Harvest Finance to resolve or mitigate these issues, which Harvest devs took very seriously and addressed soon after the report was delivered.

Bounty is Up There

No protocol, no matter how many security audits it has, is 100% safe. Period.

Not even the likes of Facebook, a $900B company, is safe. They recently suffered an attack in April 2021, resulting in 533M Facebook users' data getting leaked online.

That said, it never hurts to have a bug bounty program in place so that hackers can morally attack your protocol and receive $$ rewards for doing so.

That’s why Harvest Finance has teamed up with Immunefi, a premier bug bounty platform, to offer up to a $200K reward if you find a bug on Harvest Finance:

Harvest Finance Bug Bounty by Immunefi (Source)

Harvest Finance isn’t the only protocol with a bug bounty in place through Immunefi either. Projects like Synthetix, Cream Finance, SushiSwap, PancakeSwap, xDai Stake, Badger DAO, Value DeFi, and many more have bug bounties up for grabs.

However, Harvest Finance’s $200K bounty is one of the higher rewards up for grabs, which goes to show how serious they are about security.

Conclusion

Remember, DeFi is like the wild west.

Nothing is 100% secure and exploit-proof. It’s a no man’s land out there, and while the land is fertile, it’s not a risk-free zone.

Stay humble farmers, godspeed.
